Merge tag 'pull-loongarch-20241016' of https://gitlab.com/gaosong/qemu into staging
[qemu/armbru.git] / include / crypto / secret.h
blob5d20ae6d2f8b4fe07d39eabc90fb68bd23113e1d
1 /*
2 * QEMU crypto secret support
4 * Copyright (c) 2015 Red Hat, Inc.
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #ifndef QCRYPTO_SECRET_H
22 #define QCRYPTO_SECRET_H
24 #include "qapi/qapi-types-crypto.h"
25 #include "qom/object.h"
26 #include "crypto/secret_common.h"
28 #define TYPE_QCRYPTO_SECRET "secret"
29 typedef struct QCryptoSecret QCryptoSecret;
30 DECLARE_INSTANCE_CHECKER(QCryptoSecret, QCRYPTO_SECRET,
31 TYPE_QCRYPTO_SECRET)
33 typedef struct QCryptoSecretClass QCryptoSecretClass;
35 /**
36 * QCryptoSecret:
38 * The QCryptoSecret object provides storage of secrets,
39 * which may be user passwords, encryption keys or any
40 * other kind of sensitive data that is represented as
41 * a sequence of bytes.
43 * The sensitive data associated with the secret can
44 * be provided directly via the 'data' property, or
45 * indirectly via the 'file' property. In the latter
46 * case there is support for file descriptor passing
47 * via the usual /dev/fdset/NN syntax that QEMU uses.
49 * The data for a secret can be provided in two formats,
50 * either as a UTF-8 string (the default), or as base64
51 * encoded 8-bit binary data. The latter is appropriate
52 * for raw encryption keys, while the former is appropriate
53 * for user entered passwords.
55 * The data may be optionally encrypted with AES-256-CBC,
56 * and the decryption key provided by another
57 * QCryptoSecret instance identified by the 'keyid'
58 * property. When passing sensitive data directly
59 * via the 'data' property it is strongly recommended
60 * to use the AES encryption facility to prevent the
61 * sensitive data being exposed in the process listing
62 * or system log files.
64 * Providing data directly, insecurely (suitable for
65 * ad hoc developer testing only)
67 * $QEMU -object secret,id=sec0,data=letmein
69 * Providing data indirectly:
71 * # printf "letmein" > password.txt
72 * # $QEMU \
73 * -object secret,id=sec0,file=password.txt
75 * Using a master encryption key with data.
77 * The master key needs to be created as 32 secure
78 * random bytes (optionally base64 encoded)
80 * # openssl rand -base64 32 > key.b64
81 * # KEY=$(base64 -d key.b64 | hexdump -v -e '/1 "%02X"')
83 * Each secret to be encrypted needs to have a random
84 * initialization vector generated. These do not need
85 * to be kept secret
87 * # openssl rand -base64 16 > iv.b64
88 * # IV=$(base64 -d iv.b64 | hexdump -v -e '/1 "%02X"')
90 * A secret to be defined can now be encrypted
92 * # SECRET=$(printf "letmein" |
93 * openssl enc -aes-256-cbc -a -K $KEY -iv $IV)
95 * When launching QEMU, create a master secret pointing
96 * to key.b64 and specify that to be used to decrypt
97 * the user password
99 * # $QEMU \
100 * -object secret,id=secmaster0,format=base64,file=key.b64 \
101 * -object secret,id=sec0,keyid=secmaster0,format=base64,\
102 * data=$SECRET,iv=$(<iv.b64)
104 * When encrypting, the data can still be provided via an
105 * external file, in which case it is possible to use either
106 * raw binary data, or base64 encoded. This example uses
107 * raw format
109 * # printf "letmein" |
110 * openssl enc -aes-256-cbc -K $KEY -iv $IV -o pw.aes
111 * # $QEMU \
112 * -object secret,id=secmaster0,format=base64,file=key.b64 \
113 * -object secret,id=sec0,keyid=secmaster0,\
114 * file=pw.aes,iv=$(<iv.b64)
116 * Note that the ciphertext can be in either raw or base64
117 * format, as indicated by the 'format' parameter, but the
118 * plaintext resulting from decryption is expected to always
119 * be in raw format.
122 struct QCryptoSecret {
123 QCryptoSecretCommon parent_obj;
124 char *data;
125 char *file;
129 struct QCryptoSecretClass {
130 QCryptoSecretCommonClass parent_class;
133 #endif /* QCRYPTO_SECRET_H */